Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/runit-2.1.2/runit-2.1.2/src/wait.h
Examining data/runit-2.1.2/runit-2.1.2/src/alloc.c
Examining data/runit-2.1.2/runit-2.1.2/src/uidgid.c
Examining data/runit-2.1.2/runit-2.1.2/src/pmatch.h
Examining data/runit-2.1.2/runit-2.1.2/src/taia.h
Examining data/runit-2.1.2/runit-2.1.2/src/fifo.c
Examining data/runit-2.1.2/runit-2.1.2/src/open_write.c
Examining data/runit-2.1.2/runit-2.1.2/src/taia_approx.c
Examining data/runit-2.1.2/runit-2.1.2/src/pmatch.c
Examining data/runit-2.1.2/runit-2.1.2/src/buffer_1.c
Examining data/runit-2.1.2/runit-2.1.2/src/alloc.h
Examining data/runit-2.1.2/runit-2.1.2/src/runsvchdir.c
Examining data/runit-2.1.2/runit-2.1.2/src/ndelay_on.c
Examining data/runit-2.1.2/runit-2.1.2/src/open.h
Examining data/runit-2.1.2/runit-2.1.2/src/sig_catch.c
Examining data/runit-2.1.2/runit-2.1.2/src/buffer_write.c
Examining data/runit-2.1.2/runit-2.1.2/src/error.c
Examining data/runit-2.1.2/runit-2.1.2/src/tryuwtmp.c
Examining data/runit-2.1.2/runit-2.1.2/src/sig_pause.c
Examining data/runit-2.1.2/runit-2.1.2/src/trysocketlib.c
Examining data/runit-2.1.2/runit-2.1.2/src/buffer_read.c
Examining data/runit-2.1.2/runit-2.1.2/src/byte.h
Examining data/runit-2.1.2/runit-2.1.2/src/fd.h
Examining data/runit-2.1.2/runit-2.1.2/src/runsvstat.c
Examining data/runit-2.1.2/runit-2.1.2/src/open_trunc.c
Examining data/runit-2.1.2/runit-2.1.2/src/taia_add.c
Examining data/runit-2.1.2/runit-2.1.2/src/fmt_uint.c
Examining data/runit-2.1.2/runit-2.1.2/src/strerr_die.c
Examining data/runit-2.1.2/runit-2.1.2/src/openreadclose.h
Examining data/runit-2.1.2/runit-2.1.2/src/lock_ex.c
Examining data/runit-2.1.2/runit-2.1.2/src/ndelay.h
Examining data/runit-2.1.2/runit-2.1.2/src/taia_less.c
Examining data/runit-2.1.2/runit-2.1.2/src/strerr.h
Examining data/runit-2.1.2/runit-2.1.2/src/trysysel.c
Examining data/runit-2.1.2/runit-2.1.2/src/tai_now.c
Examining data/runit-2.1.2/runit-2.1.2/src/tai_pack.c
Examining data/runit-2.1.2/runit-2.1.2/src/stralloc_eady.c
Examining data/runit-2.1.2/runit-2.1.2/src/fmt_ptime.c
Examining data/runit-2.1.2/runit-2.1.2/src/buffer.h
Examining data/runit-2.1.2/runit-2.1.2/src/fmt_uint0.c
Examining data/runit-2.1.2/runit-2.1.2/src/error_str.c
Examining data/runit-2.1.2/runit-2.1.2/src/readclose.c
Examining data/runit-2.1.2/runit-2.1.2/src/runsv.c
Examining data/runit-2.1.2/runit-2.1.2/src/tryflock.c
Examining data/runit-2.1.2/runit-2.1.2/src/str.h
Examining data/runit-2.1.2/runit-2.1.2/src/buffer.c
Examining data/runit-2.1.2/runit-2.1.2/src/stralloc_cat.c
Examining data/runit-2.1.2/runit-2.1.2/src/str_diff.c
Examining data/runit-2.1.2/runit-2.1.2/src/fmt.h
Examining data/runit-2.1.2/runit-2.1.2/src/stralloc.h
Examining data/runit-2.1.2/runit-2.1.2/src/stralloc_opys.c
Examining data/runit-2.1.2/runit-2.1.2/src/buffer_put.c
Examining data/runit-2.1.2/runit-2.1.2/src/taia_now.c
Examining data/runit-2.1.2/runit-2.1.2/src/lock_exnb.c
Examining data/runit-2.1.2/runit-2.1.2/src/stralloc_pend.c
Examining data/runit-2.1.2/runit-2.1.2/src/tryulong64.c
Examining data/runit-2.1.2/runit-2.1.2/src/open_read.c
Examining data/runit-2.1.2/runit-2.1.2/src/fmt_ulong.c
Examining data/runit-2.1.2/runit-2.1.2/src/trywaitp.c
Examining data/runit-2.1.2/runit-2.1.2/src/taia_frac.c
Examining data/runit-2.1.2/runit-2.1.2/src/tai.h
Examining data/runit-2.1.2/runit-2.1.2/src/iopause.c
Examining data/runit-2.1.2/runit-2.1.2/src/buffer_get.c
Examining data/runit-2.1.2/runit-2.1.2/src/gen_alloc.h
Examining data/runit-2.1.2/runit-2.1.2/src/fd_copy.c
Examining data/runit-2.1.2/runit-2.1.2/src/gen_allocdefs.h
Examining data/runit-2.1.2/runit-2.1.2/src/openreadclose.c
Examining data/runit-2.1.2/runit-2.1.2/src/trysgprm.c
Examining data/runit-2.1.2/runit-2.1.2/src/buffer_0.c
Examining data/runit-2.1.2/runit-2.1.2/src/trymkffo.c
Examining data/runit-2.1.2/runit-2.1.2/src/svwaitup.c
Examining data/runit-2.1.2/runit-2.1.2/src/tryreboot.c
Examining data/runit-2.1.2/runit-2.1.2/src/readclose.h
Examining data/runit-2.1.2/runit-2.1.2/src/seek.h
Examining data/runit-2.1.2/runit-2.1.2/src/runsvctrl.c
Examining data/runit-2.1.2/runit-2.1.2/src/stralloc_opyb.c
Examining data/runit-2.1.2/runit-2.1.2/src/env.h
Examining data/runit-2.1.2/runit-2.1.2/src/scan.h
Examining data/runit-2.1.2/runit-2.1.2/src/wait_pid.c
Examining data/runit-2.1.2/runit-2.1.2/src/scan_ulong.c
Examining data/runit-2.1.2/runit-2.1.2/src/strerr_sys.c
Examining data/runit-2.1.2/runit-2.1.2/src/tryuwtmpx.c
Examining data/runit-2.1.2/runit-2.1.2/src/uidgid.h
Examining data/runit-2.1.2/runit-2.1.2/src/alloc_re.c
Examining data/runit-2.1.2/runit-2.1.2/src/tryshsgr.c
Examining data/runit-2.1.2/runit-2.1.2/src/coe.h
Examining data/runit-2.1.2/runit-2.1.2/src/env.c
Examining data/runit-2.1.2/runit-2.1.2/src/stralloc_catb.c
Examining data/runit-2.1.2/runit-2.1.2/src/tai_unpack.c
Examining data/runit-2.1.2/runit-2.1.2/src/trysgact.c
Examining data/runit-2.1.2/runit-2.1.2/src/sig_block.c
Examining data/runit-2.1.2/runit-2.1.2/src/lock.h
Examining data/runit-2.1.2/runit-2.1.2/src/svwaitdown.c
Examining data/runit-2.1.2/runit-2.1.2/src/trydrent.c
Examining data/runit-2.1.2/runit-2.1.2/src/stralloc_cats.c
Examining data/runit-2.1.2/runit-2.1.2/src/open_append.c
Examining data/runit-2.1.2/runit-2.1.2/src/wait_nohang.c
Examining data/runit-2.1.2/runit-2.1.2/src/taia_uint.c
Examining data/runit-2.1.2/runit-2.1.2/src/tai_sub.c
Examining data/runit-2.1.2/runit-2.1.2/src/taia_sub.c
Examining data/runit-2.1.2/runit-2.1.2/src/fmt_ptime.h
Examining data/runit-2.1.2/runit-2.1.2/src/buffer_2.c
Examining data/runit-2.1.2/runit-2.1.2/src/taia_pack.c
Examining data/runit-2.1.2/runit-2.1.2/src/trycpp.c
Examining data/runit-2.1.2/runit-2.1.2/src/trypoll.c
Examining data/runit-2.1.2/runit-2.1.2/src/coe.c
Examining data/runit-2.1.2/runit-2.1.2/src/fifo.h
Examining data/runit-2.1.2/runit-2.1.2/src/ndelay_off.c
Examining data/runit-2.1.2/runit-2.1.2/src/error.h
Examining data/runit-2.1.2/runit-2.1.2/src/str_start.c
Examining data/runit-2.1.2/runit-2.1.2/src/runit.h
Examining data/runit-2.1.2/runit-2.1.2/src/sig.c
Examining data/runit-2.1.2/runit-2.1.2/src/sig.h
Examining data/runit-2.1.2/runit-2.1.2/src/chkshsgr.c
Examining data/runit-2.1.2/runit-2.1.2/src/pathexec.h
Examining data/runit-2.1.2/runit-2.1.2/src/pathexec_env.c
Examining data/runit-2.1.2/runit-2.1.2/src/pathexec_run.c
Examining data/runit-2.1.2/runit-2.1.2/src/prot.c
Examining data/runit-2.1.2/runit-2.1.2/src/prot.h
Examining data/runit-2.1.2/runit-2.1.2/src/seek_set.c
Examining data/runit-2.1.2/runit-2.1.2/src/sgetopt.c
Examining data/runit-2.1.2/runit-2.1.2/src/sgetopt.h
Examining data/runit-2.1.2/runit-2.1.2/src/subgetopt.c
Examining data/runit-2.1.2/runit-2.1.2/src/subgetopt.h
Examining data/runit-2.1.2/runit-2.1.2/src/utmpset.c
Examining data/runit-2.1.2/runit-2.1.2/src/byte_chr.c
Examining data/runit-2.1.2/runit-2.1.2/src/byte_copy.c
Examining data/runit-2.1.2/runit-2.1.2/src/byte_cr.c
Examining data/runit-2.1.2/runit-2.1.2/src/byte_diff.c
Examining data/runit-2.1.2/runit-2.1.2/src/byte_rchr.c
Examining data/runit-2.1.2/runit-2.1.2/src/str_chr.c
Examining data/runit-2.1.2/runit-2.1.2/src/str_len.c
Examining data/runit-2.1.2/runit-2.1.2/src/chpst.c
Examining data/runit-2.1.2/runit-2.1.2/src/sv.c
Examining data/runit-2.1.2/runit-2.1.2/src/fd_move.c
Examining data/runit-2.1.2/runit-2.1.2/src/runit-init.c
Examining data/runit-2.1.2/runit-2.1.2/src/svlogd.c
Examining data/runit-2.1.2/runit-2.1.2/src/x86cpuid.c
Examining data/runit-2.1.2/runit-2.1.2/src/runit.c
Examining data/runit-2.1.2/runit-2.1.2/src/runsvdir.c
Examining data/runit-2.1.2/debian/contrib/lib/async-timeout.c
Examining data/runit-2.1.2/debian/contrib/shutdown.c

FINAL RESULTS:

data/runit-2.1.2/runit-2.1.2/src/runit-init.c:22:7:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(STOPIT, 0100) == -1)
data/runit-2.1.2/runit-2.1.2/src/runit-init.c:24:7:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(REBOOT, 0) == -1)
data/runit-2.1.2/runit-2.1.2/src/runit-init.c:34:7:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(STOPIT, 0100) == -1)
data/runit-2.1.2/runit-2.1.2/src/runit-init.c:38:7:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(REBOOT, 0100) == -1)
data/runit-2.1.2/runit-2.1.2/src/runit.c:267:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod(STOPIT, 0);
data/runit-2.1.2/runit-2.1.2/src/runsv.c:439:13:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((r =readlink("supervise", buf, 256)) != -1) {
data/runit-2.1.2/runit-2.1.2/src/runsv.c:456:15:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((r =readlink("log/supervise", buf, 256)) != -1) {
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:208:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  while (chmod(f, 0744) == -1)
data/runit-2.1.2/debian/contrib/lib/async-timeout.c:42:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(argv[1], argv + 1);
data/runit-2.1.2/debian/contrib/shutdown.c:119:2:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv("/sbin/init", args);
data/runit-2.1.2/runit-2.1.2/src/chpst.c:290:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, argv, "u:U:b:e:m:d:o:p:f:c:r:t:/:n:l:L:vP012V"))
data/runit-2.1.2/runit-2.1.2/src/chpst.c:341:9:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
  if (chroot(".") == -1) fatal("unable to change root directory");
data/runit-2.1.2/runit-2.1.2/src/chpst.c:428:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, argv, "nNxX")) != opteof)
data/runit-2.1.2/runit-2.1.2/src/chpst.c:459:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc,argv,"a:c:d:f:l:m:o:p:r:s:t:")) != opteof)
data/runit-2.1.2/runit-2.1.2/src/runsvstat.c:115:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, (const char * const *)argv, "lV")) != opteof) {
data/runit-2.1.2/runit-2.1.2/src/sgetopt.c:21:9:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  #define getopt sgetoptmine
data/runit-2.1.2/runit-2.1.2/src/sgetopt.c:30:5:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt(int argc,char *const *argv,const char *opts)
data/runit-2.1.2/runit-2.1.2/src/sgetopt.h:7:9:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  #define getopt sgetoptmine
data/runit-2.1.2/runit-2.1.2/src/sv.c:286:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i =getopt(argc, (char* const*)argv, "w:vV")) != opteof) {
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:681:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, argv, "R:r:l:b:tvV")) != opteof) {
data/runit-2.1.2/runit-2.1.2/src/svwaitdown.c:44:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, argv, "t:xkvV")) != opteof) {
data/runit-2.1.2/runit-2.1.2/src/svwaitup.c:43:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, argv, "s:vV")) != opteof) {
data/runit-2.1.2/runit-2.1.2/src/utmpset.c:94:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, argv, "wV")) != opteof) {
data/runit-2.1.2/debian/contrib/shutdown.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char unused[368];
data/runit-2.1.2/debian/contrib/shutdown.c:90:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(SYSV_FIFO, O_WRONLY);
data/runit-2.1.2/runit-2.1.2/src/alloc.c:10:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef union { char irrelevant[ALIGNMENT]; double d; } aligned;
data/runit-2.1.2/runit-2.1.2/src/buffer_0.c:11:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_0_space[BUFFER_INSIZE];
data/runit-2.1.2/runit-2.1.2/src/buffer_1.c:5:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_1_space[BUFFER_OUTSIZE];
data/runit-2.1.2/runit-2.1.2/src/buffer_2.c:5:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_2_space[256];
data/runit-2.1.2/runit-2.1.2/src/chpst.c:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufnum[FMT_ULONG];
data/runit-2.1.2/runit-2.1.2/src/fmt_ptime.c:31:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char hex[16] ="0123456789abcdef";
data/runit-2.1.2/runit-2.1.2/src/fmt_ptime.c:32:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pack[TAIA_PACK];
data/runit-2.1.2/runit-2.1.2/src/open_append.c:8:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { return open(fn,O_WRONLY | O_NDELAY | O_APPEND | O_CREAT,0600); }
data/runit-2.1.2/runit-2.1.2/src/open_read.c:8:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { return open(fn,O_RDONLY | O_NDELAY); }
data/runit-2.1.2/runit-2.1.2/src/open_trunc.c:8:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { return open(fn,O_WRONLY | O_NDELAY | O_TRUNC | O_CREAT,0644); }
data/runit-2.1.2/runit-2.1.2/src/open_write.c:8:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { return open(fn,O_WRONLY | O_NDELAY); }
data/runit-2.1.2/runit-2.1.2/src/runit-init.c:45:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *prog[2];
data/runit-2.1.2/runit-2.1.2/src/runit.c:25:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * const stage[3] ={
data/runit-2.1.2/runit-2.1.2/src/runit.c:60:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * prog[2];
data/runit-2.1.2/runit-2.1.2/src/runit.c:129:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((ttyfd =open("/dev/console", O_RDWR)) != -1) {
data/runit-2.1.2/runit-2.1.2/src/runsv.c:95:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[20];
data/runit-2.1.2/runit-2.1.2/src/runsv.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bspace[64];
data/runit-2.1.2/runit-2.1.2/src/runsv.c:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spid[FMT_ULONG];
data/runit-2.1.2/runit-2.1.2/src/runsv.c:211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a[10];
data/runit-2.1.2/runit-2.1.2/src/runsv.c:213:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *prog[2];
data/runit-2.1.2/runit-2.1.2/src/runsv.c:264:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *run[4];
data/runit-2.1.2/runit-2.1.2/src/runsv.c:265:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[FMT_ULONG];
data/runit-2.1.2/runit-2.1.2/src/runsv.c:266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stat[FMT_ULONG];
data/runit-2.1.2/runit-2.1.2/src/runsv.c:388:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/runit-2.1.2/runit-2.1.2/src/runsvdir.c:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[26];
data/runit-2.1.2/runit-2.1.2/src/runsvdir.c:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *prog[3];
data/runit-2.1.2/runit-2.1.2/src/runsvstat.c:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[20];
data/runit-2.1.2/runit-2.1.2/src/runsvstat.c:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sulong[FMT_ULONG];
data/runit-2.1.2/runit-2.1.2/src/sgetopt.c:43:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chp[2]; chp[0] = optproblem; chp[1] = '\n';
data/runit-2.1.2/runit-2.1.2/src/sv.c:53:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char svstatus[20];
data/runit-2.1.2/runit-2.1.2/src/sv.c:54:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sulong[FMT_ULONG];
data/runit-2.1.2/runit-2.1.2/src/sv.c:180:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *prog[2];
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:66:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stamp[FMT_PTIME];
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fnsave[FMT_PTIME];
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *prog[4];
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:181:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char f[28];
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:224:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldest[FMT_PTIME];
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:254:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[FMT_ULONG +1];
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:322:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldest[FMT_PTIME];
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:386:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned int ip4_scan(const char *s,char ip[4])
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:386:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned int ip4_scan(const char *s,char ip[4])
data/runit-2.1.2/runit-2.1.2/src/svwaitdown.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[20];
data/runit-2.1.2/runit-2.1.2/src/svwaitup.c:31:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[18];
data/runit-2.1.2/runit-2.1.2/src/svwaitup.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sulong[FMT_ULONG];
data/runit-2.1.2/runit-2.1.2/src/trypoll.c:11:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  x.fd = open("trypoll.c",O_RDONLY);
data/runit-2.1.2/runit-2.1.2/src/utmpset.c:30:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd =open(UW_TMP_UFILE, O_RDWR, 0)) < 0)
data/runit-2.1.2/runit-2.1.2/src/buffer_read.c:8:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(fd,buf,len);
data/runit-2.1.2/runit-2.1.2/src/readclose.c:12:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = read(fd,sa->s + sa->len,bufsize);
data/runit-2.1.2/runit-2.1.2/src/runit.c:182:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read(selfpipe[0], &ch, 1) == 1) {}
data/runit-2.1.2/runit-2.1.2/src/runsv.c:547:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read(selfpipe[0], &ch, 1) == 1)
data/runit-2.1.2/runit-2.1.2/src/runsv.c:589:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(svd[0].fdcontrol, &ch, 1) == 1) ctrl(&svd[0], ch);
data/runit-2.1.2/runit-2.1.2/src/runsv.c:591:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(svd[1].fdcontrol, &ch, 1) == 1) ctrl(&svd[1], ch);
data/runit-2.1.2/runit-2.1.2/src/runsvdir.c:305:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read(logpipe[0], &ch, 1) > 0)
data/runit-2.1.2/runit-2.1.2/src/runsvstat.c:64:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch(read(fd, status, 20)) {
data/runit-2.1.2/runit-2.1.2/src/sv.c:107:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r =read(fd, svstatus, 20);
data/runit-2.1.2/runit-2.1.2/src/svlogd.c:621:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  i =read(fd, s, len);
data/runit-2.1.2/runit-2.1.2/src/utmpset.c:35:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read(fd, &ut, sizeof(uw_tmp)) == sizeof(uw_tmp)) {

ANALYSIS SUMMARY:

Hits = 82
Lines analyzed = 7073 in approximately 0.28 seconds (25101 lines/second)
Physical Source Lines of Code (SLOC) = 5990
Hits@level = [0]   3 [1]  11 [2]  48 [3]  13 [4]   2 [5]   8
Hits@level+ = [0+]  85 [1+]  82 [2+]  71 [3+]  23 [4+]  10 [5+]   8
Hits/KSLOC@level+ = [0+] 14.1903 [1+] 13.6895 [2+] 11.8531 [3+] 3.83973 [4+] 1.66945 [5+] 1.33556
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.